The Host Unknown Podcast

Episode 200 - The Bicentennial Men Episode

Episode Summary

This week in InfoSec is an illegal game of wiff waff before even Bojo thought of it. Rant of the Week is the stuff of nightmares for any records management professional. Billy Big Balls is a story from NCIS Santa Barbara. Industry News is the latest and greatest news stories from around the world. And Tweet of the Week is a dish best served cold.

Episode Notes

This week in InfoSec  (07:42)

With content liberated from the “today in infosec” twitter account and further afield

29th August 1990: The UK's Computer Misuse Act 1990 went into effect, introducing 3 criminal offences related to unauthorised access and modification of "computer material".

https://twitter.com/todayininfosec/status/1829252932178719161  

27th August 1999: One of the first companies to offer a dedicated web application firewall (WAF) was Perfecto Technologies with its AppShield product. But it didn't use the terminology "WAF", instead describing it as "a 'plug and play' Internet application security solution."

https://twitter.com/todayininfosec/status/1828483993001492969

 

Rant of the Week (13:25) 

Watchdog warns FBI is sloppy on secure data storage and destruction

The FBI has made serious slip-ups in how it processes and destroys electronic storage media seized as part of investigations, according to an audit by the Department of Justice Office of the Inspector General.

Drives containing national security data, Foreign Intelligence Surveillance Act information and documents classified as Secret were routinely unlabeled, opening the potential for them to be either lost or stolen, the report addressed to FBI Director Christopher Wray states.

Ironically, this lack of identification might be considered a benefit, given the lax security at the FBI's facility used to destroy such media after they have been finished with.

The OIG report notes that it found boxes of hard drives and removable storage sitting open and unattended for "days or even weeks" because they were only sealed once the boxes were full. This potentially allows any of the 395 staff and contractors with access to the facility to have a rummage around.

 

Billy Big Balls of the Week (22:01)

Deadbeat dad faked his own death by hacking government databases

A US man has been sentenced to 81 months in jail for faking his own death by hacking government systems and officially marking himself as deceased.

The US Department of Justice on Tuesday detailed the case of Jesse Kipf, 39, who was sent down for computer fraud and aggravated identity theft.

In January 2023, Kipf used the credentials of a physician to access Hawaii's Death Registry System and create a "case" that recorded his own death.

"Kipf then completed a State of Hawaii Death Certificate Worksheet, assigned himself as the medical certifier for the case and certified his death, using the digital signature of the doctor," the DoJ wrote. The paperwork was all correct, so many government databases listed Kipf as deceased.

But he was very much alive and enjoying the fact that his "death" meant he didn't have to make child support payments or catch up on those he'd already missed. Evidence presented in court included internet search histories recorded on a laptop, with Kipf looking up terms including "Remove California child support for deceased."

 

Industry News (28:13)

Uber Hit With €290m GDPR Fine

FBI Flawed Data Handling Raises Security Concerns

Microsoft 365 Copilot Vulnerability Exposes User Data Risks

Money Laundering Dominates UK Fraud Cases

Ransomware Attacks Exposed 6.7 Million Records in US Schools

IT Engineer Charged For Attempting to Extort Former Employer

Surge in New Scams as Pig Butchering Dominates

Unpatched CCTV Cameras Exploited to Spread Mirai Variant

North Korean Hackers Launch New Wave of npm Package Attacks

 

Tweet of the Week (36:20)

https://x.com/fesshole/status/1828921760147767400